My blog in the Digital Web. From here you can see the paper trail of what I find on the net that I like, as well as any interesting happenings. Also of interest to some are my writings, small pieces of fiction based on worlds created by others (as is the case of the Exalted sequence), or by me (as in the Dark Ages and Present Time series). My main anchor now is here.

Saturday, May 28, 2005

Windows is nearly ready for the desktop, and that includes security as well as LCD driver technology that actually works. This will all happen in the next major revision of Windows, Longtooth.

Sources whom I consider accurate have told me that despite Microsoft's claims that Longtooth will be released by 2006 or 2007, the planned release date is actually late in 2019. Microsoft's secret goals for this version are:

* To reduce the user's perception of the complexity of Windows.
* To gain increased security from emerging threats, such as viruses, worms, spam, spyware, adware, malware, hackers, and phreakers, among others.

Microsoft will accomplish these goals through a variety of changes. First, Longtooth will no longer be based on the Windows NT design philosophy, as were Windows 2000 and XP. Instead, Microsoft will release MS-DOS 9.0 2003, a 64-bit multithreaded DOS written in VisualBASIC.Net, and Windows Longtooth will run on top of that. Also, Longtooth will contain more code changes than any previous version of Windows, both in the number of changed source lines of code (SLOCs) and in the percentage of the total Windows codebase changed. Tremendous numbers of new features are being implemented in completely new code.

More importantly, Microsoft employees are combing through the codebase, in a relentless search for code that is mature, stabilized, and proven. This search has proved difficult, but when found, such code will be marked for reimplementation. I'm told that most of this code will be reimplemented in VisualBASIC.NET, even if the prior version was written in another language, such as C or C++. Programmers making the new VisualBasic.NET code are not allowed to look at the code that already exists, so that fixes to known issues will not be known until well after the software is deployed to millions of users.

The reason for these changes is simple: Study after study conducted by Microsoft has proven that security through obscurity is the only way to go, especially in an operating system deployed to millions of users, with many instances running mission critical applications in finance, industry, government, and other sectors. Microsoft has identified that viruses, worms, spam, spyware, adware, malware, hackers, and phreakers are able to compromise Windows security because vulnerabilities in the code are known. By changing much of the codebase, especially the stablest and most proven parts, Microsoft will thwart the efforts of malicious programmers, as it will take time for them to find the new vulnerabilities in the unknown code.

To meet Microsoft's first goal of reducing the user's perception of the complexity of Windows, Microsoft will integrate a new technology, dubbed Microsoft Windows User Simplicity And Security Manager 2003, into Longtooth. This technology will hide all configuration settings from the user. All settings will be completely automatic, and the user will have no need to know or care what is under the hood. In reality, Longtooth will be the most complex version of Windows yet, with thousands of configuration settings controlling nearly every function of the operating system. The settings will be produced by discovery algorithms designed to automatically set a "sane" configuration. Since there will be no interface to modify any setting, the user will have no choice in his configuration, thus simplifying the user's perception of the system's complexity.

To meet the second goal of increased security, these settings will be scattered throughout the OS, its components, and in other areas of the file system. For example, Microsoft knows that viruses, worms, spam, spyware, adware, malware, hackers, and phreakers are interested in moving the icons on user desktops without the user's permission, so settings controlling the number and size of icons appearing on the desktop will be scattered throughout parts of the registry, batch files, .ini files, web bookmarks, in the Windows kernel, in the file allocation table, in the hard drive's partition table, in hidden tracks on the hard drive, and, if a Linux partition exists, in random areas of this partition, overwriting other data. This manner of storing settings will thwart the efforts of hackers to modify them for malicious purposes. Unfortunately, high security also means a slight reduction in usability. In this case, it will prevent the user's ability to control protected settings like the positions of icons, which is why Longtooth will be fully automatic when it comes to configuration.

On the other hand, Microsoft does not plan to expend unnecessary efforts to protect less important settings. Therefore, unimportant items, such as the user's digital wallet, used to access bank accounts and other private information online, will be stored as cleartext in the file C:\WINDOWS\WALLET.INI. For convenience, users will be able to access their wallet from anywhere over the Internet. For example, if your home computer's IP address is 201.555.193.31, and you want to access your bank accounts from work, all you have to do is connect to http://201.555.193.31/wallet [201.555.193.31], and Windows will supply the file without any troublesome intervention or inconvenient passwords, which users are likely to forget right when they need them most.

Microsoft Windows User Simplicity And Security Manager 2003 includes additional functionality to thwart viruses, worms, spam, spyware, adware, malware, hackers, and phreakers. For example, Windows automatically assumes that any non-Microsoft code might be malicious. It identifies such code by comparing the executable name to a list of Microsoft applications. If the name matches, the code is assumed safe; if the name does not match, the code is assumed unsafe. So, for example, any file named EXPLORER.EXE or NOTEPAD.EXE is known to be Microsoft code and is therefore assumed 100% safe. The OS does not make any safety checks on such code, and the code always runs with full Administrator priviledges. For convenience, this list is stored in C:\WINDOWS\SAFELIST.INI, and can be accessed with read/write permission using any Internet connection.

Longtooth will include a second line of defense against viruses, worms, spam, spyware, adware, malware, hackers, and phreakers. Dubbed Microsoft Malicious Code Stopper 2003, this portion of Longtooth will prevent known malicious code from running. Each time the user attempts to launch a program by clicking its icon, Longtooth will compare the name of the program to names listed in the file C:\WINDOWS\DONTRUN.INI. If the program is listed there, Windows warns the user against running malicious code and prevents the program from starting. When Windows is installed, this file only contains OPERA.EXE and FIREFOX.EXE, two programs known to Microsoft to contain rogue code.

By distinguishing safe Microsoft code from unsafe malicious code as described in the previous paragraph, Microsoft Windows User Simplicity And Security Manager 2003 provides an important layer of security. This security is integrated into the Windows user interface as I described at length in previous posts about Longtooth. A separate line of defense, called Microsoft Longtooth Security Center 2003, will provide an interface to authenticate security events. I will summarize its features here:

User interface features, such as mouse movement and clicks, use of the scroll wheel, keys pressed, menu selections, and other events pass through a special filter when they occur in any part of the interface not controlled by safe Microsoft code. Any time such an event occurs, Windows will display a dialog, asking the user if he is sure he wants to perform that action. The user will have to select "Yes" and enter the administrator password to proceed. This process will be known in Longtooth as "Authenticating an OS event to the user," or simply, as "authentication."

The network layer will be heavily protected. Each network packet received or sent over any interface will require authentication, unless focus is in a Microsoft program at the time, in which case all security checks, including the Microsoft Personal Firewall, if activated, will be completely bypassed. Users will also have to authenticate the loading of any program, unless it is a Microsoft program. Any APIs called will have to be authenticated, unless they are called from a Microsoft program. Any assembly instruction executed in a non-Microsoft program will also have to be authenticated.

By the way, to make sure that a "bot" or some other automated system isn't automatically clicking "yes" and entering the password, and to foil password cracking programs, Microsoft will implement several innovative new technologies. Sometimes, the user will be asked to enter his password backwards. Other times, the password form will request every other character of the password, or every third character, or an ASCII sum of characters located in prime number locations (e.g., the 1st, 2nd, 3rd, 5th, 7th, 11th, etc., characters of the password) in BCD notation, or characters located in Fibonacci number locations (e.g., the 0th, 1st, 1st, 2nd, 3rd, 5th, 8th, etc., characters of the password). In the case of Fibonacci numbers, 0 will refer to the first character, 1 to the second, etc. Longtooth will provide a reference guide and a programmer's calculator to assist the user during this process. Additionally, Windows will sometimes display an image of text that is slightly warped (to foil OCR algorithms that might be present in password crackers) that the user must enter correctly before typing the password.

Again, these authentication checks take place only when running non-Microsoft code. Microsoft understands that so much authentication will make any non-Microsoft program totally unusable for all practical purposes. Instead of getting any work done, the user will spend all of his time entering passwords. Therefore, Microsoft will release what it internally calls a PoK, or "patchwork of kludges," known for marketing purposes as Microsoft Longtooth Password Accelerator 2003. This accelerator will function by capturing authentication events and entering the Administrator password automatically each time, preventing the window from appearing and bothering the user. Since this means the security gained through authentication will be lost, Microsoft Longtooth Password Accelerator 2003 will, at random intervals, disregard authentication events, causing the window to appear. This means that you could be playing Doom III, and suddenly a window appears asking you if you really want to execute MOV EAX,EBX. Or you might have Nero burning a DVD while you're watching TV in the other room, and the burning process will get screwed up in the middle because some window will wait for your password before continuing. These programs will be frozen until you enter the Administrator password. But since Microsoft understands that sometimes you start a process and leave it unattended, Windows will countdown 60 seconds and then simply continue, skipping the action that did not gain authentication. Thus, the unattended program would probably crash or have some other undefined result.

This might seem a bit inconvenient, but high security is more important than proper operation. Microsoft understands that users may be somewhat disappointed when programs crash due to increased security. To compensate, Longtooth will include several innovative features designed to provide an improved user experience.

Clippy, the talking paperclip, along with other Microsoft characters, will appear throughout the user interface to help the user make informed decisions. Dialog boxes and other cumbersome interface elements have been removed in favor of Clippy and his friends. When an authentication window appears, Clippy will be there to make a random choice, if the user doesn't know what to do. In this case, Clippy can flip a virtual coin, which will come with cool animations and sounds. The coin will initially be selected according to the local currency, but the user will be able to choose from over 100 different contemporary and historical coins. Longtooth will also include an optional full-screen animation with cool 3D effects, which can be used during this process or as a screensaver.

Another option is to pit two Microsoft characters, such as Clippy and Einstein, against each other in a variety of games, such as Scissors/Paper/Rock, Chess, Backgammon, Checkers, or Monopoly, with the winning character making the decision. A "best out of three" option will be presented, but better yet, users can combine several of these into a single decision. For example, Clippy and Einstein can play a game of Chess; the winner can play Monopoly with Rover, and the winner of that game gets to flip a 1-oz Krugerrand coin to make the final decision. Thus, the decision process could take a number of hours, and the rest of the computer is frozen during this time for security purposes. Even Ctrl-Alt-Delete will not work during this time.

Hackers or phreakers who gain physical access to the computer during this process might think they are smarter than that: They will push the Reset button, or unplug the computer. But Microsoft has thoughtfully included a journal, similar to a filesystem journal, to protect the system: The next time the system is started, after the system runs Scandisk, Clippy and Einstein will continue their game of Chess right where they left off.

By adding these innovations, Microsoft hopes to make Longtooth fun and inviting, rather than scary and intimidating. This is important to Microsoft, as they are concerned about users who have never used a computer before. These users will find it easier to operate the computer through Clippy, rather than through a scary user interface with icons, buttons, and other confusing elements. Advanced users will appreciate the increased security and peace of mind that Longtooth will bring.